Computer Security : How not to get Infected.

In my previous blog post we talked about how a computer gets infected with malware. In this post we will discuss how you can prevent most, if not all, of these from ever happening again on your system.

Now let's face it, we are going to be on the internet more and more. This is almost a necessity for businesses and individuals. Businesses have built their products around the internet, and that is why it is necessary to be on the internet.

What program not to use to Surf the web

You should consider getting away from Internet Explorer; I don't say this lightly. It may take Microsoft months to fix a hole in something that involves ActiveX or something like that. We know how Microsoft will only push out the really big security holes out of cycle but keep the minor ones in cycle. Hackers have jumped on exploits before when it comes to Internet Explorer and used them on Black Wednesday, not less than 24 hours after the patches have been released.

The examples I am showing don't mean that these holes haven't been fixed; they show you how long it sometimes takes to fix them.

What you should use to Surf the web

One of the ways to prevent getting infected is keeping your browser up to date as quickly as possible, and I believe the Mozilla browser, which is called Firefox, is the answer. One reason I recommend this over anything else is that it is a community-based browser, and that means there is no waiting for a fix to come out: when you know about it, they have been working to fix the security hole.

They don't wait till next month to send out a patch; they usually only take a week or two to come up with a fix plugging the hole. So that is why I always recommend to my clients to use Firefox instead of Internet Explorer.

I have 3 add-ons that I would recommend along with Firefox; these add-ons help stop some of the most common ways to exploit your system. The first one is called NoScript; it is good for preventing scripts from being used on the web or on your system. The next add-on I would recommend is Bit.ly Preview; this is good for any shortened URL that is out there and will show you where it is really going. It also works really well with the Twitter web interface and lets you easily see where a URL is actually going. Finally, the last one I would recommend to my customers is Adblock Plus; this one is really good to use for sites like Facebook or other social sites where there might be a scareware redirect advertisement. This will prevent some of those notorious attempts at getting you to click a fake ad.

You may also want to consider installing some Firewall and Antivirus software to better protect your system from getting a virus in the first place.

In my next post I will talk about some common ways to trick you into installing a virus or scareware on your system. So stay tuned.


Fighting ‘Scareware’ with a brand new list!

I just got informed today that the list that we talked about a few days ago has been updated with more vendors:

CCSSParticpiation-new

As you can see, a number of new antivirus programs have been added. Some of the ones that I like have been AVG, SuperANTISpyware, A-Squared on a USB Stick, and Malwarebytes. As you can see, once that one Techworld was published, several new vendors came forward and wanted to get involved. This is a great step for fighting scareware because now we can have a list for people to go to for verification. I hope we keep those fake antivirus writers from defrauding innocent people out of their money.


Computer Security : How you get infected with Malware?

I have had several people ask how they get infected in the past few weeks, and I have scoured the internet to try to come up with some answers. There are several ways to get infected and we will discuss them all here, in case someone wants to get a better idea of how to avoid these common ways of infection.

What is an Exploit?

This by nature is the first thing we need to discuss, because exploits are most common with malware: malware authors like to use them to gain control over an application or computer.

An Exploit is a piece of software, a chunk of data, or sequence of commands that take advantage of a bug, glitch or vulnerability in order to cause unintended or unanticipated behavior to occur on computer software, hardware, or something electronic (usually computerized). This frequently includes such things as violently gaining control of a computer system or allowing privilege escalation or a denial of service attack.

[Via Wikipedia]

Now it can come from several vectors that I know of, and it doesn't just have to be one but has to have several different programs running to happen. You see, malware authors like to write code to crash your system in a way. Just like a Remote Code Execution, when they run the code it does something to the computer to make it install software without the user's knowledge or permission. When Remote Code Execution happens, it is most commonly used to take control over a computer process where the program is located in memory or on the hard drive.

Opening a PDF

As you explore the internet you may come across sites with PDFs that are there to hide their true nature. Just like the H1N1 virus that is epidemic in the US, malware authors are using PDFs to run a number of possible exploits on people's computers. There are a number of exploits that can be used in PDFs, and even examples for those who want to understand it even more. It does mean, however, that you should turn off auto-loading of PDFs in your browser. Any browser will auto-load PDFs without having to open a new session; the PDF will load in your browser without so much as a warning.

Fake files name

I don't know what else to call this, but you get an email with what looks like a picture, and that isn't always true. For example, you would get an email from a friend that says it is a document and may look like documentname.doc.exe, which will also use an icon that looks like a document and may fool you. See the Hidden File extensions that need to be fixed in Windows 7 for examples of what I mean.
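A check for the documentname.doc.exe trick described above, as an added example that is not from the original post. The extension sets, the function names and every sample name other than documentname.doc.exe are assumptions made for illustration.

```python
# Added example: extension sets are assumptions chosen for illustration.
EXECUTABLE_EXTS = {"exe", "scr", "com", "pif", "bat", "cmd", "vbs", "js"}
DECOY_EXTS = {"doc", "docx", "pdf", "txt", "xls", "jpg", "jpeg", "png", "gif"}


def visible_name(filename):
    """Name as shown when Windows hides the final (known) extension."""
    stem, dot, _ext = filename.rpartition(".")
    return stem if dot and stem else filename


def check_attachment(filename):
    """Return (verdict, reason); verdict is 'block', 'warn' or 'ok'."""
    parts = filename.strip().lower().split(".")
    if len(parts) < 2 or not parts[-1]:
        return ("ok", "no extension")
    real_ext = parts[-1]
    if real_ext not in EXECUTABLE_EXTS:
        return ("ok", "opens as ." + real_ext)
    # A document-like extension directly before an executable one is the decoy.
    if len(parts) >= 3 and parts[-2] in DECOY_EXTS:
        return ("block", "shown as ." + parts[-2] + " but runs as ." + real_ext)
    return ("warn", "plain executable attachment ." + real_ext)


def scan(filenames):
    """Map each flagged name to (verdict, name the user sees, reason)."""
    report = {}
    for name in filenames:
        verdict, reason = check_attachment(name)
        if verdict != "ok":
            report[name] = (verdict, visible_name(name), reason)
    return report


if __name__ == "__main__":
    # Constructed attachment names; the first is the post's own example.
    sample = ["documentname.doc.exe", "holiday.jpg", "setup.exe", "notes.txt"]
    for name, (verdict, shown, reason) in scan(sample).items():
        print(f"{verdict:5} {name!r} appears as {shown!r}: {reason}")
```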

Fake Codecs

Codecs are a necessity to view videos, but most often are not real. Fake codecs are a way to get you to install malware when you actually think it is a codec. Installing fake codecs can lead to trojans, viruses, or even key loggers. I've talked about this from time to time but figured it would be good to remind people about this.

Installing Fake Antivirus Software

Sometimes you may get to a site that may look like it is a real antivirus, but in reality it is a scam and will scare you into buying their product. Sometimes the scareware will say you are infected and send you a file to run to help protect you; if that ever happens, don't run it. You should never run programs from sites that you have never heard of. Always go to trusted vendors first, or at least Google the product name before you install any questionable software.

Website tries to use web Browser exploits

Just like WebAttacker, which uses scripts to try to exploit several different known exploits in IE and other such browsers. This is the most common way to get viruses or trojans installed onto a computer. That is why I will always recommend getting away from IE and running Firefox or some other low-profile web browser.

Windows Up to Date

It is very important to keep your Windows system up to date. That said, you have got to understand that if you don't keep your system up to date, there will always be an increasing possibility of getting an infection. This is due to the fact that malware authors, right after Patch Tuesday, will know exactly how to exploit a system that hasn't been updated to current. Installing service packs and other patches is the one way to keep malware authors at bay.

In one of my next posts I will recommend software to use to help prevent some of this, or even how to disable some of the most common exploits. If you like this post, please feel free to tell your friends so they may also learn more about computer security.


Don’t take it personal, It’s just a Fake Antivirus

So we come back to a few more examples of Personal Antivirus scareware sites:

personalantivirus3

So I say don't take it personal, because you probably have those scareware pop-ups saying you have a virus. If that is the case, paying these fake antivirus gangs money will not protect your computer. Here is a list of sites that are rogue antivirus:

  • antivirusonlinescanv9.com (Personal Antivirus scareware)
  • checkyoupconlinev2.com (Personal Antivirus scareware)
  • 2009antivirpro.com (Antivirus System Pro Scareware)
  • avremover-pro.com (Antivirus System Pro Scareware)
  • aviremover-2009.com (Antivirus System Pro Scareware)
  • antivir-prof.com (Antivirus System Pro Scareware)
  • antiaware-pro.com (Antivirus System Pro Scareware)

I call these sites scareware because there is usually some warning or popup saying you have a virus or a trojan, or even saying something like system alert. You will usually see something like a shield, or even times when the rogue antivirus will load up their fake page. Be sure to check out some of my Antivirus suggestions and decide for yourself.

Remember these fake sites only thrive when you let them.


How Fake Antivirus writers try to fool you

I went looking around and saw this:

Homeantivirusfake

As you can see, they try to make this site look like it is real. It also makes the user at first glance become relaxed because of all the PC magazine and site stickers, as I call them. You also get to see a list of the latest virus alerts and threats; all of this is done to make you feel like this is a real antivirus site. They also have the box look like it has the Windows Vista and Windows 7 look and feel to it. Everything you see here makes you more relaxed and almost gets you to buy the software, but wait, I want to know more about this company. No way to call them or find out who they are? So I download the file called "Installer2.exe" and AVG pops up with:

Homeantivirusfake1

Not even AVG had the chance to say or do anything about this before Microsoft throws up this warning about it being a "Trojandownloader:win32/fakerean.gen!c". I have got to admit Microsoft has been doing a little better job of identifying some of the threats. Sites that all have this type of theme to them are:


As you can see, they have made a URL theme for all the domains. But all of these are located at IP:

  • 72.52.210.130
  • 72.52.210.131
  • 72.52.210.132
  • 72.52.210.133

As you can tell, this can be considered a campaign by some individual to try to get money from innocent people. So your best bet is to not go there.
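The campaign reasoning above (one naming theme, one block of neighbouring IP addresses) can be turned into a grouping check. This is an added example, not code from the original post; the domains and addresses are constructed placeholders using reserved names and documentation ranges, and the function names and threshold are assumptions.

```python
import re
from collections import defaultdict

# Constructed observations (domain, resolved IP); not the sites from the post.
OBSERVED = [
    ("home-shield2010.example", "192.0.2.130"),
    ("homeshield-2010.example", "192.0.2.131"),
    ("home-shield-2010.example", "192.0.2.132"),
    ("homesh2010.example", "192.0.2.133"),
    ("pc-guard09.example", "192.0.2.130"),
    ("gardening-club.example", "198.51.100.7"),
]


def theme_key(domain):
    """Drop hyphens and digits from the first label: 'home-shield-2010' -> 'homeshield'."""
    label = domain.lower().split(".")[0]
    return re.sub(r"[-\d]", "", label)


def subnet24(ip):
    """Collapse an IPv4 address to its /24 so neighbouring hosts group together."""
    return ".".join(ip.split(".")[:3]) + ".0/24"


def find_campaigns(observations, min_domains=3):
    """Return {subnet: {theme: [domains]}} for subnets hosting min_domains or more."""
    by_net = defaultdict(list)
    for domain, ip in observations:
        by_net[subnet24(ip)].append(domain)
    campaigns = {}
    for net, domains in by_net.items():
        if len(domains) < min_domains:
            continue
        themes = defaultdict(list)
        for domain in domains:
            themes[theme_key(domain)].append(domain)
        campaigns[net] = dict(themes)
    return campaigns


if __name__ == "__main__":
    for net, themes in find_campaigns(OBSERVED).items():
        print(net)
        for theme, domains in sorted(themes.items()):
            print(f"  {theme}: {len(domains)} domain(s) {domains}")
```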